A NOVEL TRUSTED BASE MODEL FOR CLOUD COMPUTING
USING FEDERATED IDENTITY ARCHITECTURE AGAINST
IDENTITY THEFT
EGHBAL GHAZIZADEH
DECLARATION OF THESIS / UNDERGRADUATE PROJECT PAPER AND COPYRIGHT
Author’s full name: EGHBAL GHAZIZADEH
Date of birth : 22 SEPTEMBER 1980
Title : A NOVEL TRUSTED BASE MODEL FOR CLOUD COMPUTING USING FEDERATED IDENTITY ARCHITECTURE AGAINST IDENTITY THEFT
Academic Session: 2012/2013
declare that this thesis is classified as :
I acknowledged that Universiti Teknologi Malaysia reserves the right as follows:
1. The thesis is the property of Universiti Teknologi Malaysia.
2. The Library of Universiti Teknologi Malaysia has the right to make copies for the purpose of research only.
3. The Library has the right to make copies of the thesis for academic exchange.
SIGNATURE SIGNATURE OF SUPERVISOR
L95236155
UNIVERSITI TEKNOLOGI MALAYSIA
CONFIDENTIAL (Contains confidential information under the
Official Secret Act 1972)*
RESTRICTED (Contains restricted information as specified by
the organization where research was done)*
OPEN ACCESS I agree that my thesis to be published as online
open access (full text)
Dr. Mazdak Zamani
NAME OF SUPERVISOR (NEW IC NO. / PASSPORT NO.)
“I declare that I have read this project, in my
opinion this project report has satisfied the scope and quality for the award of the degree of Master of Computer Science (Information Security).”
Signature :
Name of Supervisor : DR. MAZDAK ZAMANI
A NOVEL TRUSTED BASE MODEL FOR CLOUD COMPUTING USING
FEDERATED IDENTITY ARCHITECTURE AGAINST IDENTITY THEFT
EGHBAL GHAZIZADEH
A thesis submitted in partial fulfillment of the requirements for the award of the degree of Master of Computer Science (Information Security)
Faculty of Computer Science and Information Systems Universiti Teknologi Malaysia
ii
I declare that this project report entitled “A Novel Trusted Base Model for Cloud Computing Using Federated Identity Architecture against Identity Theft” is the result of my own research except as cited in the references. The project report has not been accepted for any degree and is not concurrently submitted in the candidature of any other degree.
SIGNATURE:
Name : EGHBAL GHAZIZADEH
iii
ACKNOWLEDGEMENT
First, thank you Allah for giving me strength to take up this challenge and with your blessing to complete this study. Second and foremost, I am deeply indebted to my supervisor, Dr. Mazdak Zamani for his patience in assisting, advising and guiding me throughout this project. Next, I am also deeply grateful to my co-supervisor professor Dr. Jamalul-Lail Ab Manan from Malaysian Institute Of Microelectronic Systems (MIMOS) for his precious advices, guidance, continuous and kind help during this project. To the admin staff of UTM AIS, thank you for your continuous help and kind assistance during my presence in UTM AIS.
DECLARATION of PROJECT STATUS FORM
Student Name : Eghbal Ghazizadeh Student ID : MC101230
Supervisor Name : Dr. Mazdak Zamani Course code : MCU1016
Academic : 2012/2013
Title of Project : A TRUST-BASED NOVEL MODEL FOR CLOUD COMPUTING USING FEDERATED IDENTITY ARCHITECTURES AGAINST IDENTITY THEFT
The above project work has / has not*** fulfilled the necessary criteria
towards the completion of the project, hence the mentioned student is
ready / not ready*** to submit the project report and orally present
his/her project work.
*** Additional Remarks
_________________________
SUPERVISOR’S SIGNATURE
Date :
***Choose appropriately
v
ABSTRACT
vi
ABSTRAK
vii
TABLE OF CONTENTS
CHAPTER TITLE PAGE ACKNOWLEDGEMENT ...III ABSTRACT ... V ABSTRAK ... VI TABLE OF CONTENTS ... VII LIST OF TABLES ... XI LIST OF FIGURES ... XII LIST OF APPENDICES ... XIV 1 INTRODUCTION ... 1
1.1 Overview 1
1.1.1 Security and Cloud Computing 2
1.1.2 Cloud computing and Federated Identity 4
1.2 Background of the problem 6
1.3 Problem Statements 9
1.4 Project Objectives 11
1.5 Research Questions 12
1.6 Project Aim 12
1.7 Scope of the Study 13
1.8 Summary 14
2 LITERATURE REVIEW ... 15
2.1 Introduction 15
2.1.1 Cloud Computing 15
2.1.2 Virtualization 17
2.1.3 Federated Identity Management 18
2.1.3.1 Federated Identity Element 20
2.1.3.2 Digital Identity Management Models 22 2.1.3.3 Federated identity and Identity Theft 23
2.1.4 Federated Identities Architectures 24
2.1.4.1 Liberty Alliance 25
viii
2.1.4.3 WS-Federation 27
2.1.5 Federated Identities Architectures in cloud computing 28
2.1.5.1 Hub and Spoke Model 29
2.1.5.2 Free Form Model 30
2.1.5.3 Hybrid Model 30
2.1.6 SSO Protocol Overview 31
2.1.6.1 SAML 32
2.1.6.2 OpenID Connect 33
2.1.6.3 OAuth 2.0 35
2.1.7 Security issues of Federated identity 37
2.1.7.1 Security Issues of OpenID 37
2.1.7.2 Security Issues of SAML 38
2.1.8 Trusted Computing 39
2.1.8.1 Trusted Multi-tenant Infrastructure (TMI) 42
2.2 Related Work 43
2.2.1 SSO 44
2.2.2 OpenID 45
2.2.3 OAuth 47
2.2.4 Federated Identity and Trust 49
2.3 Summary 58
3 RESEARCH METHODOLOGY ... 61
3.1 Introduction 61
3.2 Waterfall Model 61
3.3 To investigate a trust based model 63
3.4 To Propose a Model 64
3.5 To evaluate the proposed Model 66
3.6 Operational Framework 67
3.7 Summary 70
4 DESIGN AND IMPLEMENTATION ... 71
4.1 Introduction 71
4.2 Proposed Model 72
4.2.1 Log On using a user’s URL 73
ix
4.2.3 Client Authentication with IDP 76
4.2.4 Mutual Attestation between Client and IDP platforms 76 4.2.5 Authorizing User's browser for further requests 77 4.2.6 User’s Browser Request for Service from RP or SP 78
4.3 OpenID authentication flow 78
4.3.1 Determining the Scope of the System 79
4.3.2 Trust OpenID System Design 79
4.3.3 Log On using user’s URL 84
4.3.4 Redirection for Client Authentication 84
4.3.5 Client Authentication with IDP 85
4.3.6 Mutual Attestation between Client and IDP platforms 85 4.3.7 Authorizing User's browser for further requests 88 4.3.8 User’s Browser Request for Service from RP or SP 88
4.4 Summary 89
5 RESULT AND ANALYSIS ... 90
5.1 Introduction 90
5.2 Confidentiality Protection of Proposed Model 90
5.2.1 BLP MODEL 91
5.2.2 Terminology 91
5.2.3 Protocol Overview 94
5.2.4 Phishing Attack 95
5.2.5 Definition of System State 96
5.2.5.1 Simple-security property (SSP) 99
5.3 Simulation analysis 100
5.4 Security Analysis 102
5.4.1 Mutual Authentication 102
5.4.2 Compromising the TA 103
5.4.3 Authentication in an untrustworthy environment 104
5.4.4 Insider Attack 105
5.4.5 The man in the middle attack 105
5.5 Comparison Analysis 106
5.6 Summary 108
x
6.1 Introduction 109
6.2 Summary of the Research 109
6.3 Project Contribution 110
6.4 Future Work 111
REFERENCES ... 112
APPENDIX A 116
APPENDIX B 117
xi
LIST OF TABLES
TABLE NO. TITLE PAGE
2.1 Summary of the related work 52
2.2 Summary of the related work 53
2.3 Summary of the related work 54
2.4 Summary of the related work 55
2.5 Summary of the related work 56
2.6 Summary of the related work 57
5.1 Comparative analysis 107
xii
LIST OF FIGURES
FIGURE NO. TITLE PAGE
1.1 Trusted Computing 4
1.2 Authentication in OpenID 10 1.3 Identity theft in OpenID 11
2.1 Four deployment models for cloud computing 16
2.2 Federated identity and collaborations 20
2.3 Digital Identity elements 22
2.4 Identity theft prevention program 24
2.5 Architecture of Liberty Alliance and Circle of Trust 25
2.6 Architecture of Shibboleth and Circle of Trust 26
2.7 Architecture of WS-Federation and relationship between elements
28
2.8 Architecture of Hub and Spoke Model and Free Form Model 29
2.9 Message exchange in SAML model 33
2.10 Message exchange in OpenID Connect model 35
2.11 Message exchange in OAuth 2.0 model 36
2.12 TPM Identities and Key generation in TPM 41
2.13 Processing of integrity measurement 41
2.14 Key certification 42
2.15 You and Jun proposed model 45
2.16 You and Jun comparison table 47
2.17 Step by step OAuth message exchange 48
2.18 How attacker attacks OAuth 49
3.1 Waterfall Model 62
3.2 Operational framework 63
3.3 Investigate phase 64
xiii
3.5 Comparison of proposed model 66
3.6 Evaluate the proposed model 67
3.7 Flow Diagram of the operational framework 69
4.1 Proposed Trust Based Federated Identity Architecture to Mitigate identity theft in OpenID
74
4.2 The trusted based model sequence diagram 75
4.3 The trusted based model sequence flow chart. 77
4.4 Main form of the proposed model simulation 80
4.5 Registration Form 81
4.6 Identity provider’s database 82
4.7 User registration database 82
4.8 Assign OpenID URL based on user’s request 83
4.9 Simulating of relying party web site 83
4.10 IDP Sign On 84
4.11 Trust Authority database 85
4.12 TPM Checking 87
4.13 Pass TPM checking 87
4.14 User’s authorization 88
4.15 RP accepts user’s credential 89
5.1 Objects and subjects of the proposed model 93
5.2 Access class matrix and relationship between objects and subjects.
96
5.3 Security level, Subject, and object of the proposed model 99
5.4 Phishing relying party web site 101
5.5 Checking identity based on TPM 101
xiv
LIST OF APPENDICES
CHAPTER 1
INTRODUCTION
1.1 Overview
The new definition of cloud computing has been born by Amazon’s EC2 in 2006 in the territory of information technology. Cloud computing has been revealed because of Commercial necessities and make a suitable application. According NIST definition, “cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.” Resource pooling, on-demand self-service, rapid elasticity, measured serviced and broad network access is five vital features of cloud computing. Other definitions of cloud are executed, supplying material, organized, and infrastructure based that they should be rapidly provisioned and unrestricted automatically access or service provider interaction (Grance, 2009).
2
dominated by cloud computing. Therefore, thousands of new business release every day about cloud computing technology (Gartner, 2011).
1.1.1 Security and Cloud Computing
While cost and ease are two top benefits of cloud, trust and security are two concerns of cloud computing users. Cloud computing has claimed insurance for sensitive data such as accounting, government, and healthcare and bring opportuneness for end users. Virtualization, multi tenancy, elasticity, and data owner which traditional security techniques cannot solve security problems for them are some new issues in the cloud computing. Trust is one of the most important issues in cloud computing security; indeed, two trust questions are in cloud computing. The first question is, are cloud users trust cloud computing and second question is, how could make a trusted base environment for cloud users? Besides these questions, cloud users and vendors when transfer their businesses to cloud also have these questions. Will cloud service providers trustworthy? Will the cloud enterprises could more attractive to hackers? All these concerns and questions encounter to cloud computing. These questions address these concerns when considering moving critical application, cloud must deliver a sufficient and powerful security level for the cloud user in term of new security issues in cloud computing (Rodriguez et al., 2006).
3
because when they withdraw money from an ATM machine, they trust it (Abbadi and Martin, 2011).
Cloud computing suppliers should prepare a secure territory for their consumers. A territory is a collection of computing environments connected by one or more networks that control the use of a common security policy. Regulation and standardization are another issue of trust that PGP, X509, and SAML are three examples for establishing trust by using standard. Access management, trust, identity management, single sign-on and single sign-off, audit and compliance and configuration management are six patterns that identify basic security in cloud computing . Computer researchers believe that trust is one of the most important parts of security in cloud computing. There are three distinct ways to prove trust. First, we trust someone because we know them. Second, we trust someone because the person puts trust on us. Third, sometimes we trust someone because an organization that we trust vouches for that person. In addition, there are three distinct definitions of trust. First, trust means that the capability for two special groups to define a trust connection with an authentication authority. Second, trust identifies that the authority can exchange credentials (X.509 Certificates). Third, it uses those credentials to secure messages and create signed security token (SAML). The main goal of trust is users can access a service even though that service does not have knowledge of the users (Carmignani, 2010).
4
In addition, Trusted Computing will permit computer systems to propose improved security and efficiency. The main aim of trusted computing has prepared a framework for data and network security that cover data protection, disaster recovery , encryption, authentication, layered security, identity, and access control (TCG, 2011).
Figure 1.1: Trusted Computing (TCG 2011)
1.1.2 Cloud computing and Federated Identity
One of the problems with cloud computing is the management and maintenance of the user’s account. Because of the many advantages of cloud such as cost and security, identity management should promises all the cloud advantages. Therefore, the new proposed model and standards should make use of all the cloud advantages and prepare an environment to ease use all of them
5
services between a classified set of users. Attend to establish the best digital identity for users to use is the most important concern of cloud providers. Cloud prepares a large amount of various computing resources; consequently, diverse users in the same system can share their information and work together. Classified identity and common authentication are an essential part of cloud authentication and federated identity acts as a service based on a common authentication even though it is broadly used by most important companies like Amazon, Microsoft, Google, IBM, and Yahoo (Yan et al., 2009).
Today's an internet user has about thirteen accounts that require user names and passwords, and enters about eight passwords per day. It becomes a problem and internet users face the load of managing this huge number of accounts and passwords, which leads to password tiredness; indeed the burden of human memory, password fatigue may cause users to use password management strategies that reduce the security of their secured information. Besides, the site centric Web makes online and each user account is created and managed in a distinct administrative domain, profile man arrangement and personal content sharing will be difficult. SSO or Web single sign-on systems are invited to address the mentioned problem with the site centric. Web users, identity provider and identity provider are three parts of SSO and they have a distinct role in identity scenario. An IDP collects user identity information and authenticates users, while an RP trusts on the authenticated identity to make authorization decisions. OpenID is a promising and open user centric Web SSO solution. More than one billion OpenID accounts have been permitted to use service providers according to the OpenID Foundation. Furthermore, the US Government has cooperated with the OpenID Foundation in the provision of the Open Government Initiative's pilot acceptance of OpenID technology (Sun et al., 2011).
6
SSO solutions were initially advanced by numerous educational institutions in the mid-1990s. For examples, Cornell University’s SideCar, Stanford University’s WebAuth and Yale’s Central Authentication System (CAS) were entirely early reformers in the field (Hodges, 2008).
SSO today has a critical role in cloud security and becomes essential to realize how secure the deployed SSO mechanisms truly are. Nevertheless, it is a new idea and no previous work includes a broad study on commercially deployed web SSO systems, a key to understanding to what extent these real systems are subject to security breaches (Armando, 2008). In addition, Wang et al showed that Weaknesses that do not illustrate on the protocol level could be brought in by what the system essentially agree to each SSO party to do (Wang et al., 2012b).
1.2 Background of the problem
Madsen et al (2005) defined some problems of federated identity and illustrated that FIM or Federated Identity Management established on standard permits and simplifies joining federated organizations in term of sharing user identity attributes, simplify authentication and allowance or deny using service access requirements. The definition of SSO is Using it facility user authenticates only one time to home identity provider and logged in to access successive service providing service providers within the federated. There are some active problem and concern in a federated identity environment like to misuse of user identity information through SSO capability in service providers and identity providers, user's identity theft, service providers and identity providers, and trustworthiness of the user. Federated identity has identified regardless of good architectures still has some security problems that should be considered in the real estate implementation (Madsen et al., 2005).
7
the user has been compromised during implementing a Federated Identity. Rodriguez et al (2006) discovered Federated identity Architecture (FIA) as a way for solving vulnerabilities. There are three architectures for implementing security issue in FIA which named Liberty Alliance, Shibboleth, and WS- Federation (Rodriguez et al., 2006).
Archer et al (2011) argued that one of the most common attacks is identity theft because it is very problematic to identify until the harm is done. They believed that in the insecure channel is most of the identity theft attack have been occurred. Besides identity attack, legal compliance and privacy guaranty is another security problem with identity federated. For example, the current FIA has not a powerful way user’s information. P3P has been released as a standard and a project for improving FIA that established by the W3C in term of creating a usefully integrated into the FIA. Moreover, PKI integration, AAA integration, and P2P application support are another attack that identity provider has to consider in trust security (Archer et al., 2011).
There are five security issues of identity and attribute that computer scientific attend to improve security of them and implement a security transformation environment between users and vendors.
i. The connection to Human Resources is difficult as HR has been frequently only the master source for staff on systematic payroll.
ii. There are typically no authoritative information sources for partner information and their devices that it is most important for me.
iii. The capability to delivery other entities does not exist in most organizations that also it is important in my study.
8
Most organizations do not have the ability to off-board another organization or on the other hand De-provisioning needs to extend to all entities. Hence, the vendors should agree to finish and revoke the code from operating on systems when it is found to be faulty or obsolete. These issues and the lack of provisioning standards stress the necessity for good planning and a complete approach to how Identity Attributes, accounts, and Lifecycle management of all Entity-types will operate in the cloud eco-system being settled (Archer et al., 2011).
Identified by Suriadi et al (2009), “one of the main problems with the model is user privacy. In an SSO environment, relying parties (RP) or service providers (SP). “It can also be gathering information about a user of the information that they get from the identity providers (IDP). They also analyzed that sharing of user’s information by malicious IDPs and SPs can disclose a complete user’s identity and activities”(Suriadi et al., 2009). In addition Suriadi et al (2009), Zarandioon et al shows that this issue has caused web users to be cautious of SSO implementations and is one of the main causes for the lack of widespread adoption (Zarandioon et al., 2009).
9
1.3 Problem Statements
Digital Identity information must be exchanged between different service provider in the by considering security and trust. Based on CIA, confidentiality and integrity are two top security issues for digital identity and by using these factors we can keep safe our information. There are many levels of trust by considering identity and attribute for users in the data transaction. Therefore, management of identities in a secure and fast way for access computer resources is important for users and vendors. Madsen et al (2005) studied that service providers have problem to get the share identities and attribute. Online identity theft is the most critical problem for implementing of architecture in federated identity. Strong authentication, preventing theft, and decreasing risk can be achieved with a of good establishing federated identity management (Madsen et al., 2005).
OpenID is one of the common standards that uses for federated identity in term of security. I will focus on Phishing attack on OpenID protocol and it will be explained step by step. Based on Figure 1.2 every system involves tree party that named user or the user’s browser, relying party or RP, and identity provider or id which is the most important part of security and there are the most significant challenges in this part of identity security. It has been shown Figure 1.2 that OpenID use step by step way for exchanging messages and it is as below.
In step 1, the pattern is saying the user’s URL to RP. In step2, RP defines the User’s location.
In step 3 and 4, RP ask the user by considering the IP to get an
authentication token. In this step RP should determines that this IP is the user who asking the request for authentication that normally shows by asking user name and password.
In step 5 and 6, the IDP deliver token to the user’s browser to send to the RP that has been shown in step 5 and 6. At the end of authentication part IP and RP distinguish each other.
10
According to OpenID standard Kim (2007) studied and argued that then it will be weak for Phishing attack. Therefore, based on Figure 1.3, the attackers try to do another way to Phishing and identity theft. The Kim proposed Phishing attack described as below:
Figure 1.2: Authentication in OpenID (Kim, 2007)
In step1, the web user by mistake goes to the evil site and the user sends to evil RP her/his URL and her/his location IDP.
In step2, he or she redirects to the scooper contacts instead of legitimate IDP.
In step 3 and 4, are the evil scooper contacts the legitimate IDP and pulls down an exact copy of its login experience. Convinced she or he is talking to her or his IDP; the user posts her or his credentials, which can now be used by the Evil Scooper to get tokens from the legitimate IDP. In step 5 and 6, token can then be used to gain access to any legitimate
11
Redirection to the home site is under the control of the evil party is the problem here, and the user gives that party sufficient information to use by the evil. Further, the whole process can be fully automated (Kim, 2007).
Figure 1.3: Identity theft in OpenID (Kim, 2007)
1.4 Project Objectives
The objectives of this study are as below:
i. To investigate existing cloud identity based models and their security architecture.
ii. To propose a model based on federated identify architecture for establishing trusted computing to mitigate identity theft.
12
1.5 Research Questions
The main questions this research motivates to answer are as follows:
1. What are the approaches that eliminate security issues by proposing a novel model
for federated identify?
2. How to develop a new model regarding to the enhancement of security in cloud
identity?
3. How to test and evaluate the performance of this model and comparison with other
models?
1.6 Project Aim
13
1.7 Scope of the Study
This research focuses on trust in cloud computing. Trust in the cloud is a critical part in cloud security. As it has been mentioned in the introduction, access management, trust, identity management, single sign-on and single sign-off, audit and compliance, and configuration management are six patterns that identify basic security in cloud computing. This study will focus on federated identity which is used for user identity management. In addition, there are several federated identity architectures for managing this problem. Hub and Spoke Model, Free Form Model, and Hybrid model are three models for implementing federated identify in trusted computing. Although, there are some remaining issues and challenges in these management trust models so this study will focuses on the hybrid model to enhance and propose architecture.
Stopping Phishing attacks completely is very difficult. Therefore, the aim of this study is to decrease the number of identity theft and Phishing attacks. Trusted computing that applies in this study try to decrease the success probability of Phishing attack and identity theft. However, as TPM in OpenID has been leveraged. Other attacks as Apart from Phishing, attempt to deal sensitive information as an asset of users. Furthermore, in this study attacks that compromise users’ computers have been ignored. Also key loggers and rootkits, and cookie attacks look like cross site request forgery (CSRF) attacks and cross site script (XSS) attacks have been ignored. Finally, attacks which compromise the integrity of the web site will not discuss.
14
1.8 Summary
112
REFERENCES
Abbadi, I. M., and Martin, A. (2011). Trust in the Cloud. Information Security Technical Report.
Ahmad, Z., Ab Manan, J. L., and Sulaiman, S. (2010). User Requirement Model for Federated Identities Threats.
Archer, D. C. J., Nils Puhlmann, Alan Boehme, Paul Kurtz, and Reavis, J. (2011). Security guidance for critical areas of focus in cloud computing v3.0. Cloud Security Alliance.
Armando, A. C., R. Compagna, L. Cuellar, J. Tobarra, L. (2008). Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps 1-10.
Badger, L., Grance, T., Patt-Corner, R., and Voas, J. (2011). Draft cloud computing synopsis and recommendations. NIST Special Publication. 800, 146.
Barrett, D., and Kipper, G. (2010). 1 - How Virtualization Happens. In Virtualization and Forensics (pp. 3-24). Boston: Syngress.
Carmignani, A. (2010). Identity federation using SAML and WebSphere software. Cooke, P. (2010). Black Hat TPM Hack and BitLocker. from
http://blogs.windows.com/windows/b/windowssecurity/archive/2010/02/10/bl ack-hat-tpm-hack-and-bitlocker.aspx
credentica.com. (2012). trusted computing. from
http://www.credentica.com/trusted_computing.html Dell. (2012). Red Flags. from
http://www.secureworks.com/consulting/security_and_governance_program_ development/red_flags/
Ding, X., and Wei, J. (2010). A Scheme for Confidentiality Protection of OpenID Authentication Mechanism 310-314.
Donovan, M., and Visnyak, E. (2011). Seeding the Cloud with Trust: Real World Trusted Multi-Tenancy Use Cases Emerge. from
http://www.ittoday.info/Articles/Trust/Trust.htm
Fazli Bin Mat Nor, K. A. J., Jamalul-lail Ab Manan. (Nov - 2012). Mitigating man-in-the-browser attacks with hardware-based authentication scheme.
International Journal of Cyber-Security and Digital Forensics (IJCSDF).
113
Feng, Q., Tseng, K. K., Pan, J. S., Cheng, P., and Chen, C. (2011a). New Anti-phishing Method with Two Types of Passwords in OpenID System.Genetic and Evolutionary Computing (ICGEC), 2011 Fifth International Conference on. 69-72.
Feng, Q., Tseng, K. K., Pan, J. S., Cheng, P., and Chen, C. (2011b). New Anti-phishing Method with Two Types of Passwords in OpenID System 69-72. Ferg, B. (2007). OpenID Authentication 2.0—Final. OpenID Community.
Gartner. (2011). Gartner Survey of CIOs in Asia Shows Cloud Computing Tops the Technology Priority List as Businesses Focus on Growth in 2011. from http://www.gartner.com/it/page.jsp?id=1729814
Gawasane, V. (2012). All About Software Testing, Tools and Tutorials. from http://softwaretesting-qaqc.blogspot.com/2012/06/before-getting-into-world-of-software.html
Grance, P. M. a. T. (2009). The nist definition of cloud computing.
Hodges, H., Johansson,Morgan. (2008). Towards Kerberizing Web Identity and Services. Kerberos consortium.
Huang, C. Y., Ma, S. P., and Chen, K. T. (2011). Using one-time passwords to prevent password phishing attacks. Journal of Network and Computer Applications. 34(4), 1292-1301.
Huang, H. Y., Wang, B., Liu, X. X., and Xu, J. M. (2010). Identity federation broker for service cloud.2010 International Conference on Service Sciences, ICSS 2010, May 12, 2010 - May 14, 2010. Hangzhou, China: 115-120.
Hwang, K., and Li, D. (2010). Trusted cloud computing with secure resources and data coloring. Internet Computing, IEEE. 14(5), 14-22.
Jasti, A., Shah, P., Nagaraj, R., and Pendse, R. (2010). Security in multi-tenancy cloud.44th Annual 2010 IEEE International Carnahan Conference on Security Technology, ICCST 2010, October 5, 2010 - October 8, 2010. San Jose, CA, United states: 35-41.
Jiang, J., Duan, H., Lin, T., Qin, F., and Zhang, H. (2011). A federated identity management system with centralized trust and unified Single Sign-On 785-789.
Khattak, Z., Sulaiman, S., and Manan, J. (2010). A study on threat model for federated identities in federated identity management system 618-623. Khiabani, H., Manan, J. L. A., and Sidek, Z. M. (2009). A study of trust & privacy
models in pervasive computing.Technical Postgraduates (TECHPOS), 2009 International Conference for. 1-5.
114
Latze, C., and Ultes-Nitsche, U. (2007). Stronger authentication in e-commerce: How to protect even naive user against phishing, pharming, and mitm attacks. Proceedings of the IASTED International Conference on Communication Systems, Networks, and Applications. 111-116.
Leandro, M. A. P., Nascimento, T. J., dos Santos, D. R., Westphall, C. M., and Westphall, C. B. (2012). Multi-Tenancy Authorization System with
Federated Identity for Cloud-Based Environments Using Shibboleth 88-93. Leicher, A., Schmidt, A., and Shah, Y. (2012). Smart OpenID: A Smart Card Based
OpenID Protocol. Information Security and Privacy Research, 75-86. Li, X. Y., Zhou, L. T., Shi, Y., and Guo, Y. (2010). A trusted computing
environment model in cloud architecture 2843-2848.
Madsen, P., Koga, Y., and Takahashi, K. (2005). Federated identity management for protecting users from ID theft 77-83.
Mat Nor, F. B., Abd Jalil, K., and Ab Manan, J. (2011). Remote User Authentication Scheme with Hardware-Based Attestation. Software Engineering and
Computer Systems, 437-447.
Ping-Identity. (2012). Internet-Scale Identity Systems: An Overview and Comparison.
Rodriguez, U. F., Laurent-Maknavicius, M., and Incera-Dieguez, J. (2006). Federated identity architectures.
Rouse, M. (2007). trusted computing. from
http://searchsecurity.techtarget.com/definition/trusted-computing
Schäffer, B. (2011). Authentication and Authorization in Spatial Data Infrastructures. Sha, S., Yan, W. Q., and Li, M. Z. (2010). A secure SSO protocol without clock
synchronization V3-422-V423-424.
Spencer, T. (2012). Identity in the cloud. Computer Fraud & Security. 2012(7), 19-20.
Sun, S. T. (2012). Simple But Not Secure: An Empirical Security Analysis of OAuth 2.0-Based Single Sign-On Systems.
Sun, S. T., Pospisil, E., Muslukhov, I., Dindar, N., Hawkey, K., and Beznosov, K. (2011). What makes users refuse web single sign-on?: an empirical
investigation of OpenID 4.
Suriadi, S., Foo, E., and Jøsang, A. (2009). A user-centric federated single sign-on system. Journal of Network and Computer Applications. 32(2), 388-401. Tan, X., and Ai, B. (2011). The issues of cloud computing security in high-speed
115
Engineering and Information Technology, EMEIT 2011, August 12, 2011 - August 14, 2011. Harbin, China: 4358-4363.
TCG. (2011). Trusted Computing. from
http://www.trustedcomputinggroup.org/trusted_computing TCG. (2012). Trusted Computing. from
http://www.trustedcomputinggroup.org/trusted_computing Thibeau, D., and Drummond, R. (2009). Open trust frameworks for open
government: Enabling citizen involvement through open identity technologies. White paper, OpenID Foudation and Information Card Foudation.
Urien, P. (2010). An OpenID provider based on SSL smart cards 1-2. Wang. (2011). An Analysis of Web Single Sign-On.
Wang, R., Chen, S., and Wang, X. (2012a). Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided
Security Study of Commercially Deployed Single-Sign-On Web Services. Wang, R., Chen, S., and Wang, X. F. (2012b). Signing Me onto Your Accounts
through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services.
Yan, L., Rong, C., and Zhao, G. (2009). Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography. 1st International Conference on Cloud Computing, CloudCom 2009,
December 1, 2009 - December 4, 2009. Beijing, China: 167-177.
You, J. H., and Jun, M. S. (2010a). A Mechanism to Prevent RP Phishing in OpenID System 876-880.
You, J. H., and Jun, M. S. (2010b). A Mechanism to Prevent RP Phishing in OpenID System.Computer and Information Science (ICIS), 2010 IEEE/ACIS 9th International Conference on. 876-880.